Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Transaction not showing some events in table format

jinal24
New Member
‎04-30-2014 04:17 PM

I am using Transaction command to group events in one line and want to see this in a table format. Have the "order_number" as a unique identifier. All of the events related to the ordernumber are written at the same time except conformation info. For some reason conformation information is getting dropped. Is it because conformation doesn't occur till way past 1000 events and is there a way around it?

index=client1 (item=giftcard OR info=billing OR info=purchase_detail OR info=confirmation) | transaction Order_number keepevicted=true | where isnotnull(category)| table order_number, date, paytype, method, ip, confirmation_name

Tags (1)
0 Karma
Reply

mcmaster
Communicator
‎04-30-2014 08:59 PM

From the docs for the transaction command (http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Transaction):

maxevents=<int>
Description: The maximum number of events in a transaction. If the value is negative this constraint is disabled. By default, maxevents=1000.

So try adding maxevents=10000 to your transaction command. Not sure what impact this has on performance though.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...